Outline

Abstract
Table of Contents
Part 1: The Problem
    Digital identity is one of the oldest and hardest problems on the Internet
    The heart of the problem: no standard way to verify digital credentials
    The World Wide Web Consortium (W3C) is finally standardizing digital credentials
    But this leaves the second problem: standardizing how to verify the digital signatures of credential issuers
Part 2: The Solution
    With blockchain technology, we can finally solve this problem
    With blockchains, every public key can now have its own address
    With a public blockchain for DIDs, anyone can issue a digitally-signed credential, and anyone else …
Part 3: Identity for All
    To be truly universal, a blockchain for self-sovereign identity (SSI) must operate as a global public utility
    Every public blockchain was designed for a specific purpose
    The Sovrin blockchain was designed ONLY for identity
    Sovrin governance is based on a universal trust framework for SSI
    The network must have the performance and scalability of DNS
    The economics of the network must enable universal accessibility
Part 4: Privacy for All
    Above all, a global public utility for SSI must meet the highest privacy standards in the world, including …
    All Sovrin identifiers and public keys are pseudonymous by default
    No private data is stored on the Sovrin ledger, even in an encrypted form
    Sovrin enables selective disclosure of verifiable claims
Part 5: The Impact
    The potential impact of a global public utility for self-sovereign identity could be massive
    The most direct impact will be to the Identity and Access Management (IAM) industry
    The largest industry to be impacted by adoption of SSI is cybersecurity
    The second largest industry to be impacted is RegTech
    Sovrin could change the course of the Data Integration industry
Part 6: The Token
    Realizing these economic benefits requires a new means of exchanging value for digital credentials
    But today, the only option for paying for verifiable credentials is conventional payment networks
    The solution is a new digital token that is fundamental to the Sovrin protocol
    The Sovrin token can enable a global marketplace for digital credentials
    For example, your mobile carrier could help you prove your location at any point in time, and be paid …
    The Sovrin token can also enable a market for digital credential insurance
    For example, universities could insure verifiable degrees for their alumni
    The Sovrin token can unlock an ethical market for customer data
Conclusion
Sovrin™: A Protocol and Token for Self-Sovereign Identity and Decentralized Trust
A White Paper from the Sovrin Foundation
Version 1.0, January 2018

Abstract

Digital identity is one of the oldest and hardest problems on the Internet. There is still no way to use digital credentials to prove our online identity the same way we do in the offline world. This is finally changing. First, the World Wide Web Consortium is standardizing the format of digitally-signed credentials. Second, public blockchains can provide decentralized registration and discovery of the public keys needed to verify digital signatures. These two steps pave the way to establish a global public utility for self-sovereign identity: lifetime portable digital identity that does not depend on any central authority and can never be taken away.

The Sovrin Network has been designed exclusively for this purpose, including governance (the Sovrin Foundation and the Sovrin Trust Framework), scalability (validator and observer nodes and state proofs), and accessibility (minimal cost and maximum availability). Most importantly, Sovrin implements Privacy by Design on a global scale, including pairwise pseudonymous identifiers, peer-to-peer private agents, and selective disclosure of personal data using zero-knowledge proof cryptography.

The emergence of this infrastructure can transform at least four major markets: identity and access management, cybersecurity, RegTech, and data integration. To provide economic incentives for credential issuers, owners, and verifiers, the Sovrin protocol will incorporate a digital token designed expressly for privacy-preserving value exchange. The Sovrin token should enable a global marketplace for digital credentials of all types and value levels, together with ancillary markets for digital credential insurance and permissioned first-party data (direct from the customer).

Table of Contents

Part 1: The Problem ........................ 3
Part 2: The Solution ....................... 8
Part 3: Identity for All ................... 12
Part 4: Privacy for All .................... 19
Part 5: The Impact ......................... 24
Part 6: The Token .......................... 30
Conclusion ................................. 40
Next Steps ................................. 41
Acknowledgements ........................... 41

Sovrin: A Protocol and Token for Self-Sovereign Identity & Decentralized Trust, Pg 2 of 42
PART ONE: The Problem
Digital identity is one of the oldest and hardest problems on the Internet

And it is only getting worse. Although the famous New Yorker cartoon ("On the Internet, nobody knows you're a dog") was first published in 1993 [1], it remains true even today. Despite a quarter-century of advances in Internet technology, there is still no easy way to prove online that you are not a dog, are over 18, live at a certain address, graduated from a certain school, work at a specific company, or own a specific asset. These kinds of assertions about ourselves (the identity owner), known in the digital identity industry as claims, are difficult to trust because they are nearly impossible to verify.

In the physical world, we use the physical credentials in our wallet to prove our identity. Each time we board an airplane, rent a car, reserve a hotel room, or take out a library book, we prove claims about ourselves simply by opening our wallet and showing one or more credentials containing claims issued by a trusted authority (called the issuer) to another human being or company who needs to trust the claim (called the verifier).

Why don't we have an equivalent solution on the Internet? What is preventing it? Where is the digital equivalent of a passport, driver's license, or birth certificate that we can just "show" to a website to register, log in, or verify our rights and privileges? Why do we instead have dozens or even hundreds of usernames and passwords to manage, and our personal details scattered across a multitude of databases guarded by companies who demonstrate almost daily that they are incapable of keeping them safe?

[1] This cartoon is also the inspiration for the logo of the Internet Identity Workshop, a twice-yearly event that just celebrated IIW #25.
The heart of the problem is that we have no standard way to verify digital credentials

A physical credential is relatively easy to verify: a human makes a judgment about a paper document. Hotel clerks, car rental agents, librarians, and security guards all know the basic procedures for verifying a physical credential from your wallet, with varying degrees of certainty. But this same process is not easy to duplicate online. To begin with, on the other end of an Internet connection you don't have a human; you have a machine. And the credential you are showing it is not a physical document it can inspect, but a digital document.

To verify a digital credential, we need to solve two problems.

First, we need to standardize the format. Because a digital credential is read by a machine, it needs to be in a format that machines can understand. We are already seeing this today with some paper credentials that must be verified all around the world, such as passports. Even though it is a physical document, a passport includes sections that are machine-readable in a standardized format.

Second, we need a standard way to verify the source and integrity of these digital credentials. Digital signatures are already legally valid in most jurisdictions around the world. However, they require two keys. The first key, the private key or signing key, is used to sign the document and is kept secret by the issuer. The second key, the public key or verification key, is used to verify the signature and ensure the document has not been tampered with since it was signed; it does not need to be kept secret. A valid signature proves only that the holder of the private key signed exactly those bytes, so the verifier still has to know that a given public key really belongs to the issuer. For universal adoption of digital credentials, we therefore need a standard way to verify the public key of the issuer, which would then prove the authenticity of the credential.
The World Wide Web Consortium (W3C) is finally standardizing digital credentials

The W3C Verifiable Claims Working Group was formed in April 2017. Its mission is summarized in the charter:

    It is currently difficult to express banking account information, education qualifications, healthcare data, and other sorts of machine-readable personal information that has been verified by a 3rd party on the Web. These sorts of data are often referred to as verifiable claims. The mission of the Verifiable Claims Working Group is to make expressing, exchanging, and verifying claims easier and more secure on the Web.

Verifiable claims are a standard way of defining, exchanging, and verifying digital credentials. The strength of a claim depends on the degree of trust the verifier has in the issuer. For example, if a bank issues a claim saying that you have a certain credit card number, a merchant can rely on the claim if the merchant has a high degree of trust in the bank.

A worldwide standard format for digital credentials should have a far-ranging impact. Standardized network packets enabled the Internet. Standardized hypertext pages enabled the Web. Likewise, standardized digital credentials can enable a worldwide ecosystem of credential issuers, owners, and verifiers all exchanging interoperable verifiable claims, as shown in this diagram.

[Diagram: Issuer --(Verifiable Claim Issuing Protocol)--> Owner --(Verifiable Claim Verifying Protocol)--> Verifier; an Existing Trust Relationship connects the Issuer and the Verifier.]
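The two-part problem of the preceding two sections (a machine-readable credential format, plus checking the issuer's signature against a public key the verifier has on record for that issuer) in working code, for the issuer/owner/verifier roles shown in the diagram. This is an added example written for this page; it is not code from the Sovrin project or from the W3C working group, and the Credential field names, the did:example: identifiers, the registry map and the sample degree claim are all constructed assumptions rather than the standard's data model.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"encoding/base64"
	"encoding/json"
	"errors"
	"fmt"
)

// Credential is a constructed, minimal credential: who issued it, whom it is
// about, and the claims it carries. The field names are this example's own,
// not the W3C data model's.
type Credential struct {
	Issuer  string            `json:"issuer"`
	Subject string            `json:"subject"`
	Claims  map[string]string `json:"claims"`
}

// SignedCredential is what the owner stores and later shows to a verifier.
type SignedCredential struct {
	Credential Credential `json:"credential"`
	Signature  string     `json:"signature"` // base64 Ed25519 signature over canonicalBytes
}

// canonicalBytes is the machine-readable form that gets signed and verified
// (problem one: a standard format). encoding/json emits struct fields in
// declaration order and sorts map keys, so equal credentials always give
// equal bytes; a verifier that serialised differently would reject valid
// signatures.
func canonicalBytes(c Credential) ([]byte, error) {
	return json.Marshal(c)
}

// Issue signs the credential with the issuer's private (signing) key.
func Issue(priv ed25519.PrivateKey, c Credential) (SignedCredential, error) {
	msg, err := canonicalBytes(c)
	if err != nil {
		return SignedCredential{}, err
	}
	sig := ed25519.Sign(priv, msg)
	return SignedCredential{Credential: c, Signature: base64.StdEncoding.EncodeToString(sig)}, nil
}

// Verify checks the signature against the public (verification) key on
// record for the named issuer. The registry map stands in for whatever
// mechanism maps issuer identifiers to keys (problem two); this example
// assumes it is already correct, which is exactly what a PKI or a ledger
// has to guarantee in practice.
func Verify(registry map[string]ed25519.PublicKey, sc SignedCredential) error {
	pub, ok := registry[sc.Credential.Issuer]
	if !ok {
		return errors.New("unknown issuer: no verification key on record")
	}
	sig, err := base64.StdEncoding.DecodeString(sc.Signature)
	if err != nil {
		return fmt.Errorf("malformed signature: %w", err)
	}
	msg, err := canonicalBytes(sc.Credential)
	if err != nil {
		return err
	}
	if !ed25519.Verify(pub, msg, sig) {
		return errors.New("bad signature: credential altered or not signed by this issuer's key")
	}
	return nil
}

func main() {
	// Constructed issuer: a university with a fresh key pair. The did:example:
	// identifiers are placeholders, not registered DIDs.
	pub, priv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		panic(err)
	}
	registry := map[string]ed25519.PublicKey{"did:example:university": pub}

	cred := Credential{
		Issuer:  "did:example:university",
		Subject: "did:example:alice",
		Claims:  map[string]string{"degree": "BSc Computer Science", "year": "2017"},
	}
	signed, _ := Issue(priv, cred)
	fmt.Println("genuine credential:", Verify(registry, signed))

	// The owner (or anyone in between) edits a claim: the signature no longer matches.
	tampered := signed
	tampered.Credential.Claims = map[string]string{"degree": "PhD Computer Science", "year": "2017"}
	fmt.Println("tampered credential:", Verify(registry, tampered))
}
```

Everything the paper goes on to discuss hangs on the `registry` argument: the signature check itself is a solved problem, while deciding which public key belongs to "did:example:university", and who gets to say so, is the part that still needs infrastructure.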
But this leaves the second problem: standardizing how to verify the digital signatures of credential issuers

The usual answer has been public key infrastructure (PKI). The premise of public key cryptography is that anyone can verify a digital signature from anyone else, as long as they have access to the signer's public key. The two keys are cryptographically linked, so that every private key corresponds to exactly one public key and vice versa. The core challenge is verifying that you have the correct public key for the issuer, and for the past several decades the answer has been PKI.

PKI is what powers the green padlock in your browser. The PKI used in modern browsers relies on a small number (a few hundred) of certificate authorities (CAs) to be the roots of trust. The number is kept small so that your browser can easily manage them. The owner of a private key, such as a website, gives its public key to a CA, who signs it with the CA's own private key and issues a public key certificate. That certificate is what your browser checks each time you connect to a website over an encrypted HTTPS connection: the site's certificate must chain to one of the roots in the browser's trust store and must be issued for the host name you connected to. This is how you know you are dealing with the site you think you are.

The fundamental problem with PKI is that it is cumbersome, costly, and centralized. Certificates from reputable CAs take real time and effort to obtain. Being a CA has been described as having a license to print money, because these centralized roots of trust are built into browsers and other software. This is why most digital certificates are purchased by companies, not individuals; they are just too hard for most people to deal with.

What is worse, inserting a middleman into our digital trust infrastructure is a vulnerability. Every root in the trust store is trusted equally for every name, so a mistake or a security lapse at any one CA can produce a certificate that every browser accepts for a site that CA was never authorized to vouch for. And if a CA's service goes down, raises its prices, or goes out of business, everyone whose certificates depend on it is affected. It is centralization of this type that can lead to censorship and single points of failure.
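The browser check described above, and the failure mode the last paragraph warns about, as an added example using Go's standard-library X.509 verifier (this is illustrative code written for this page, not Sovrin or browser code). Three self-signed roots are created, two of them are placed in a constructed trust store, and a helper mimics what a browser does with a server certificate. The CA names and the example.com host name are made up.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"time"
)

// CA is a certificate authority: its own certificate plus the private key it
// signs with. A root CA's certificate is self-signed.
type CA struct {
	Cert *x509.Certificate
	Key  *ecdsa.PrivateKey
}

// NewRootCA creates a self-signed root, i.e. one entry of a browser trust store.
func NewRootCA(name string) (*CA, error) {
	key, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		return nil, err
	}
	tmpl := &x509.Certificate{
		SerialNumber:          big.NewInt(1),
		Subject:               pkix.Name{CommonName: name},
		NotBefore:             time.Now().Add(-time.Hour),
		NotAfter:              time.Now().Add(24 * time.Hour),
		IsCA:                  true,
		BasicConstraintsValid: true,
		KeyUsage:              x509.KeyUsageCertSign,
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, tmpl, &key.PublicKey, key)
	if err != nil {
		return nil, err
	}
	cert, err := x509.ParseCertificate(der)
	if err != nil {
		return nil, err
	}
	return &CA{Cert: cert, Key: key}, nil
}

// IssueServerCert is the step the text describes: the site hands its public key
// to the CA, and the CA signs it into a certificate for dnsName.
func (ca *CA) IssueServerCert(dnsName string) (*x509.Certificate, error) {
	siteKey, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		return nil, err
	}
	tmpl := &x509.Certificate{
		SerialNumber: big.NewInt(2),
		Subject:      pkix.Name{CommonName: dnsName},
		DNSNames:     []string{dnsName},
		NotBefore:    time.Now().Add(-time.Hour),
		NotAfter:     time.Now().Add(24 * time.Hour),
		KeyUsage:     x509.KeyUsageDigitalSignature,
		ExtKeyUsage:  []x509.ExtKeyUsage{x509.ExtKeyUsageServerAuth},
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, ca.Cert, &siteKey.PublicKey, ca.Key)
	if err != nil {
		return nil, err
	}
	return x509.ParseCertificate(der)
}

// BrowserAccepts is the check a browser runs on an HTTPS connection: does the
// server certificate chain to some root in the trust store, and is it valid
// for the host name the user typed in?
func BrowserAccepts(trustStore *x509.CertPool, serverCert *x509.Certificate, host string) bool {
	_, err := serverCert.Verify(x509.VerifyOptions{
		Roots:     trustStore,
		DNSName:   host,
		KeyUsages: []x509.ExtKeyUsage{x509.ExtKeyUsageServerAuth},
	})
	return err == nil
}

func main() {
	reputable, _ := NewRootCA("Reputable Root CA") // constructed names
	other, _ := NewRootCA("Other Root CA")
	outsider, _ := NewRootCA("Root CA not in the trust store")

	trustStore := x509.NewCertPool()
	trustStore.AddCert(reputable.Cert)
	trustStore.AddCert(other.Cert)

	genuine, _ := reputable.IssueServerCert("example.com")
	fmt.Println("cert from the site's own CA:    ", BrowserAccepts(trustStore, genuine, "example.com"))
	// A second trusted root that example.com never dealt with can mint an
	// equally acceptable certificate: every root in the store is a root for every name.
	rogue, _ := other.IssueServerCert("example.com")
	fmt.Println("cert from another trusted root: ", BrowserAccepts(trustStore, rogue, "example.com"))
	unknown, _ := outsider.IssueServerCert("example.com")
	fmt.Println("cert from an untrusted root:    ", BrowserAccepts(trustStore, unknown, "example.com"))
}
```

The middle case is the one to notice: the certificate from "Other Root CA" is accepted for example.com even though that CA has no relationship with the site, which is why a compromise or mis-issuance at any single trusted CA matters to every site and every browser user.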
PART TWO: The Solution